665 matches found
PT-2026-3410
Summary Since 2017, the default webpack plugins have passed the entire process.env to EnvironmentPlugin. This pattern exposed ALL build environment variables to client-side JavaScript bundles whenever application code or any dependency referenced process.env.VARIABLE NAME. This is not a regressio...
EUVD-2025-198960
Malicious code in @tezign/html-webpack-plugin npm...
Malicious code in @tezign/html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 437929a07e5bc4e0e6dfe545fa858db027aa2ba4e6fa87701a09d5b07277b543 The package @tezign/html-webpack-plugin was found to contain malicious code...
MAL-2025-190916 Malicious code in @tezign/html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 437929a07e5bc4e0e6dfe545fa858db027aa2ba4e6fa87701a09d5b07277b543 The package @tezign/html-webpack-plugin was found to contain malicious code...
EUVD-2025-176413
Malicious code in server-filament-framework-css-minimizer-webpack-plugin npm...
EUVD-2025-176600
Malicious code in rollup-plugin-optimize-css-assets-webpack-plugin-bootes-polaris npm...
EUVD-2025-178416
Malicious code in inflation-technocracy-css-minimizer-webpack-plugin-await npm...
EUVD-2025-179129
Malicious code in enif-terser-webpack-plugin-sass-loader-spectron-webdriver npm...
MAL-2025-187378 Malicious code in html-webpack-plugin-vega-atlas-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72fd14fbfa7df3518df196ac7331d4c07644a19e457f73f31be91ee9ab01ce42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187030 Malicious code in fornax-janus-fusion-css-minimizer-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b0fb880a3bfb6b4d32d650b9778f2bab22b66cda0b72f0639a80bccf3fcd8cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176606
Malicious code in rollup-plugin-chai-soap-terser-webpack-plugin npm...
EUVD-2025-176604
Malicious code in rollup-plugin-html-webpack-plugin-cordelia-rollup npm...
EUVD-2025-179933
Malicious code in bunyan-redis-capella-html-webpack-plugin npm...
EUVD-2025-179458
Malicious code in css-minimizer-webpack-plugin-superagent-npm-private npm...
Malicious code in terser-webpack-plugin-delphinus-membrane-cryovolcano (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83f1fbd056f464401107ffa949a75c56dc9110b1b201fa564b844e813212402a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179454
Malicious code in csv-dysonswarm-aether-optimize-css-assets-webpack-plugin npm...
EUVD-2025-179328
Malicious code in dependencies-dynamo-optimize-css-assets-webpack-plugin-gatsby npm...
EUVD-2025-177433
Malicious code in optimize-css-assets-webpack-plugin-pm2-lyra-miranda npm...
EUVD-2025-180326
Malicious code in ariel-semantic-release-optimize-css-assets-webpack-plugin-prettier-plugin-markdown npm...
EUVD-2025-179354
Malicious code in delphinus-passport-blazar-css-minimizer-webpack-plugin npm...